Created /api/v1/keys, access-requests, telemetry, agent. Documented endpoints at /api/v1/docs

2026-01-19 18:29:22 +00:00
parent a3036f74fc
commit a32b3dd17f
30 changed files with 1071 additions and 3 deletions
--- a/app/apps/access/init.py
+++ b/app/apps/access/init.py
--- a/app/apps/access/admin.py
+++ b/app/apps/access/admin.py
@@ -0,0 +1,19 @@
+from django.contrib import admin
+
+from .models import AccessRequest
+
+
+@admin.register(AccessRequest)
+class AccessRequestAdmin(admin.ModelAdmin):
+    list_display = (
+        "id",
+        "requester",
+        "server",
+        "status",
+        "requested_at",
+        "expires_at",
+        "decided_by",
+    )
+    list_filter = ("status", "server")
+    search_fields = ("requester__username", "requester__email", "server__display_name")
+    ordering = ("-requested_at",)
--- a/app/apps/access/apps.py
+++ b/app/apps/access/apps.py
@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+
+
+class AccessConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "apps.access"
+    verbose_name = "Access Requests"
--- a/app/apps/access/migrations/0001_initial.py
+++ b/app/apps/access/migrations/0001_initial.py
@@ -0,0 +1,78 @@
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("servers", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="AccessRequest",
+            fields=[
+                ("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                (
+                    "status",
+                    models.CharField(
+                        choices=[
+                            ("pending", "Pending"),
+                            ("approved", "Approved"),
+                            ("denied", "Denied"),
+                            ("revoked", "Revoked"),
+                            ("cancelled", "Cancelled"),
+                            ("expired", "Expired"),
+                        ],
+                        db_index=True,
+                        default="pending",
+                        max_length=16,
+                    ),
+                ),
+                ("reason", models.TextField(blank=True)),
+                ("requested_at", models.DateTimeField(default=django.utils.timezone.now, editable=False)),
+                ("decided_at", models.DateTimeField(blank=True, null=True)),
+                ("expires_at", models.DateTimeField(blank=True, null=True)),
+                (
+                    "decided_by",
+                    models.ForeignKey(
+                        blank=True,
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="access_decisions",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+                (
+                    "requester",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="access_requests",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+                (
+                    "server",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="access_requests",
+                        to="servers.server",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Access request",
+                "verbose_name_plural": "Access requests",
+                "ordering": ["-requested_at"],
+                "indexes": [
+                    models.Index(fields=["status", "requested_at"], name="acc_req_status_req_idx"),
+                    models.Index(fields=["server", "status"], name="acc_req_server_status_idx"),
+                ],
+            },
+        ),
+    ]
--- a/app/apps/access/migrations/init.py
+++ b/app/apps/access/migrations/init.py
--- a/app/apps/access/models.py
+++ b/app/apps/access/models.py
@@ -0,0 +1,57 @@
+from __future__ import annotations
+
+from django.conf import settings
+from django.db import models
+from django.utils import timezone
+
+from apps.servers.models import Server
+
+
+class AccessRequest(models.Model):
+    class Status(models.TextChoices):
+        PENDING = "pending", "Pending"
+        APPROVED = "approved", "Approved"
+        DENIED = "denied", "Denied"
+        REVOKED = "revoked", "Revoked"
+        CANCELLED = "cancelled", "Cancelled"
+        EXPIRED = "expired", "Expired"
+
+    requester = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        on_delete=models.CASCADE,
+        related_name="access_requests",
+    )
+    server = models.ForeignKey(
+        Server, on_delete=models.CASCADE, related_name="access_requests"
+    )
+    status = models.CharField(
+        max_length=16, choices=Status.choices, default=Status.PENDING, db_index=True
+    )
+    reason = models.TextField(blank=True)
+    requested_at = models.DateTimeField(default=timezone.now, editable=False)
+    decided_at = models.DateTimeField(null=True, blank=True)
+    expires_at = models.DateTimeField(null=True, blank=True)
+    decided_by = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+        related_name="access_decisions",
+    )
+
+    class Meta:
+        verbose_name = "Access request"
+        verbose_name_plural = "Access requests"
+        indexes = [
+            models.Index(fields=["status", "requested_at"], name="acc_req_status_req_idx"),
+            models.Index(fields=["server", "status"], name="acc_req_server_status_idx"),
+        ]
+        ordering = ["-requested_at"]
+
+    def is_expired(self) -> bool:
+        if not self.expires_at:
+            return False
+        return self.expires_at <= timezone.now()
+
+    def __str__(self) -> str:
+        return f"{self.requester_id} -> {self.server_id} ({self.status})"
--- a/app/apps/keys/init.py
+++ b/app/apps/keys/init.py
--- a/app/apps/keys/admin.py
+++ b/app/apps/keys/admin.py
@@ -0,0 +1,11 @@
+from django.contrib import admin
+
+from .models import SSHKey
+
+
+@admin.register(SSHKey)
+class SSHKeyAdmin(admin.ModelAdmin):
+    list_display = ("id", "user", "name", "key_type", "fingerprint", "is_active", "created_at")
+    list_filter = ("is_active", "key_type")
+    search_fields = ("name", "user__username", "user__email", "fingerprint")
+    ordering = ("-created_at",)
--- a/app/apps/keys/apps.py
+++ b/app/apps/keys/apps.py
@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+
+
+class KeysConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "apps.keys"
+    verbose_name = "SSH Keys"
--- a/app/apps/keys/migrations/0001_initial.py
+++ b/app/apps/keys/migrations/0001_initial.py
@@ -0,0 +1,53 @@
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="SSHKey",
+            fields=[
+                ("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                ("name", models.CharField(max_length=128)),
+                ("public_key", models.TextField()),
+                ("key_type", models.CharField(max_length=32)),
+                ("fingerprint", models.CharField(db_index=True, max_length=128)),
+                ("is_active", models.BooleanField(db_index=True, default=True)),
+                ("created_at", models.DateTimeField(default=django.utils.timezone.now, editable=False)),
+                ("revoked_at", models.DateTimeField(blank=True, null=True)),
+                ("last_used_at", models.DateTimeField(blank=True, null=True)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="ssh_keys",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "SSH key",
+                "verbose_name_plural": "SSH keys",
+                "ordering": ["-created_at"],
+                "indexes": [
+                    models.Index(fields=["user", "is_active"], name="keys_user_active_idx"),
+                    models.Index(fields=["fingerprint"], name="keys_fingerprint_idx"),
+                ],
+                "constraints": [
+                    models.UniqueConstraint(
+                        fields=("user", "fingerprint"),
+                        name="unique_user_key_fingerprint",
+                    )
+                ],
+            },
+        ),
+    ]
--- a/app/apps/keys/migrations/init.py
+++ b/app/apps/keys/migrations/init.py
--- a/app/apps/keys/models.py
+++ b/app/apps/keys/models.py
@@ -0,0 +1,66 @@
+from __future__ import annotations
+
+import base64
+import binascii
+import hashlib
+
+from django.conf import settings
+from django.core.exceptions import ValidationError
+from django.db import models
+from django.utils import timezone
+
+
+def parse_public_key(public_key: str) -> tuple[str, str, str]:
+    trimmed = (public_key or "").strip()
+    parts = trimmed.split()
+    if len(parts) < 2:
+        raise ValidationError("Invalid SSH public key format.")
+    key_type, key_b64 = parts[0], parts[1]
+    try:
+        key_bytes = base64.b64decode(key_b64.encode("ascii"), validate=True)
+    except (binascii.Error, ValueError) as exc:
+        raise ValidationError("Invalid SSH public key format.") from exc
+    digest = hashlib.sha256(key_bytes).digest()
+    fingerprint = "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
+    return key_type, key_b64, fingerprint
+
+
+class SSHKey(models.Model):
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name="ssh_keys"
+    )
+    name = models.CharField(max_length=128)
+    public_key = models.TextField()
+    key_type = models.CharField(max_length=32)
+    fingerprint = models.CharField(max_length=128, db_index=True)
+    is_active = models.BooleanField(default=True, db_index=True)
+    created_at = models.DateTimeField(default=timezone.now, editable=False)
+    revoked_at = models.DateTimeField(null=True, blank=True)
+    last_used_at = models.DateTimeField(null=True, blank=True)
+
+    class Meta:
+        verbose_name = "SSH key"
+        verbose_name_plural = "SSH keys"
+        indexes = [
+            models.Index(fields=["user", "is_active"], name="keys_user_active_idx"),
+            models.Index(fields=["fingerprint"], name="keys_fingerprint_idx"),
+        ]
+        constraints = [
+            models.UniqueConstraint(
+                fields=["user", "fingerprint"], name="unique_user_key_fingerprint"
+            )
+        ]
+        ordering = ["-created_at"]
+
+    def set_public_key(self, public_key: str) -> None:
+        key_type, key_b64, fingerprint = parse_public_key(public_key)
+        self.key_type = key_type
+        self.fingerprint = fingerprint
+        self.public_key = f"{key_type} {key_b64}"
+
+    def revoke(self) -> None:
+        self.is_active = False
+        self.revoked_at = timezone.now()
+
+    def __str__(self) -> str:
+        return f"{self.name} ({self.user_id})"
--- a/app/apps/telemetry/init.py
+++ b/app/apps/telemetry/init.py
--- a/app/apps/telemetry/admin.py
+++ b/app/apps/telemetry/admin.py
@@ -0,0 +1,11 @@
+from django.contrib import admin
+
+from .models import TelemetryEvent
+
+
+@admin.register(TelemetryEvent)
+class TelemetryEventAdmin(admin.ModelAdmin):
+    list_display = ("id", "event_type", "server", "user", "success", "source", "created_at")
+    list_filter = ("success", "source", "event_type")
+    search_fields = ("event_type", "message", "server__display_name", "user__username")
+    ordering = ("-created_at",)
--- a/app/apps/telemetry/apps.py
+++ b/app/apps/telemetry/apps.py
@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+
+
+class TelemetryConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "apps.telemetry"
+    verbose_name = "Telemetry"
--- a/app/apps/telemetry/migrations/0001_initial.py
+++ b/app/apps/telemetry/migrations/0001_initial.py
@@ -0,0 +1,73 @@
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("servers", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="TelemetryEvent",
+            fields=[
+                ("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                ("event_type", models.CharField(db_index=True, max_length=64)),
+                ("success", models.BooleanField(db_index=True, default=True)),
+                (
+                    "source",
+                    models.CharField(
+                        choices=[
+                            ("agent", "Agent"),
+                            ("api", "API"),
+                            ("ui", "UI"),
+                            ("system", "System"),
+                        ],
+                        db_index=True,
+                        default="api",
+                        max_length=16,
+                    ),
+                ),
+                ("message", models.TextField(blank=True)),
+                ("metadata", models.JSONField(blank=True, default=dict)),
+                ("created_at", models.DateTimeField(db_index=True, default=django.utils.timezone.now, editable=False)),
+                (
+                    "server",
+                    models.ForeignKey(
+                        blank=True,
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="telemetry_events",
+                        to="servers.server",
+                    ),
+                ),
+                (
+                    "user",
+                    models.ForeignKey(
+                        blank=True,
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="telemetry_events",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Telemetry event",
+                "verbose_name_plural": "Telemetry events",
+                "ordering": ["-created_at"],
+                "indexes": [
+                    models.Index(fields=["created_at"], name="telemetry_created_at_idx"),
+                    models.Index(fields=["event_type"], name="telemetry_event_type_idx"),
+                    models.Index(fields=["server", "created_at"], name="telemetry_server_created_idx"),
+                    models.Index(fields=["user", "created_at"], name="telemetry_user_created_idx"),
+                ],
+            },
+        ),
+    ]
--- a/app/apps/telemetry/migrations/init.py
+++ b/app/apps/telemetry/migrations/init.py
--- a/app/apps/telemetry/models.py
+++ b/app/apps/telemetry/models.py
@@ -0,0 +1,48 @@
+from __future__ import annotations
+
+from django.conf import settings
+from django.db import models
+from django.utils import timezone
+
+from apps.servers.models import Server
+
+
+class TelemetryEvent(models.Model):
+    class Source(models.TextChoices):
+        AGENT = "agent", "Agent"
+        API = "api", "API"
+        UI = "ui", "UI"
+        SYSTEM = "system", "System"
+
+    event_type = models.CharField(max_length=64, db_index=True)
+    server = models.ForeignKey(
+        Server, null=True, blank=True, on_delete=models.SET_NULL, related_name="telemetry_events"
+    )
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+        related_name="telemetry_events",
+    )
+    success = models.BooleanField(default=True, db_index=True)
+    source = models.CharField(
+        max_length=16, choices=Source.choices, default=Source.API, db_index=True
+    )
+    message = models.TextField(blank=True)
+    metadata = models.JSONField(default=dict, blank=True)
+    created_at = models.DateTimeField(default=timezone.now, editable=False, db_index=True)
+
+    class Meta:
+        verbose_name = "Telemetry event"
+        verbose_name_plural = "Telemetry events"
+        indexes = [
+            models.Index(fields=["created_at"], name="telemetry_created_at_idx"),
+            models.Index(fields=["event_type"], name="telemetry_event_type_idx"),
+            models.Index(fields=["server", "created_at"], name="telemetry_server_created_idx"),
+            models.Index(fields=["user", "created_at"], name="telemetry_user_created_idx"),
+        ]
+        ordering = ["-created_at"]
+
+    def __str__(self) -> str:
+        return f"{self.event_type} ({'ok' if self.success else 'fail'})"